update intellij, add hosts file

modules/graphical/code.nix

@@ -14,7 +14,7 @@ in
     documentation.dev.enable = true;
     environment.systemPackages = with pkgs; [
       man-pages
-      stable.jetbrains.idea-ultimate
+      jetbrains.idea-ultimate
       typescript
       insomnia
       nodejs_22 # needed for tabby extension

modules/nix/settings.nix

@@ -20,7 +20,7 @@ in
 
     nix = {
       optimise.automatic = cfg.optimise;
-      settings.experimental-features = [ "nix-command" "flakes" ];
+      settings.experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
       # not used
       #settings.substituters =
       #  lib.mkIf (config.networking.hostName == "kop-pc")

modules/services/adguard.nix

@@ -1,5 +1,7 @@
 { config, pkgs, inputs, lib, ... }:
 let cfg = config.custom.services.adguard;
+      ip = cfg.ip;
+      wireguardIp = config.custom.services.wireguard.ip;
 in {
   options.custom.services.adguard = {
     enable = lib.mkEnableOption "Enables adguard";
@@ -23,87 +25,9 @@ in {
       default = "https://127.0.0.1:8443/acme/kop-acme/directory";
       description = "acme url for the adguard instance";
     };
-  };
+    rewrites = lib.mkOption {
-  config =
+      type = lib.types.listOf (lib.types.attrsOf lib.types.str);
-    let
+      default = [             {
-      ip = cfg.ip;
-      wireguardIp = config.custom.services.wireguard.ip;
-    in
-    lib.mkIf cfg.enable {
-      networking.firewall.allowedTCPPorts = [ 53 ];
-      networking.firewall.allowedUDPPorts = [ 53 ];
-
-      security.acme.certs."${cfg.fqdn}".server = cfg.acme-url;
-      # nginx reverse proxy
-      services.nginx.enable = true;
-      services.nginx.virtualHosts.${cfg.fqdn} = {
-        forceSSL = cfg.useHttps;
-        enableACME = cfg.useHttps;
-        locations."/" = {
-          proxyPass =
-            "http://127.0.0.1:${toString config.services.adguardhome.port}";
-          proxyWebsockets = true;
-        };
-      };
-      systemd.services.adguardhome = {
-        after = [ "nginx.service" "step-ca.service" ];
-      };
-
-      services.adguardhome = {
-        enable = true;
-        settings = {
-          schema_version = 28;
-          users = [{
-            name = "admin";
-            password =
-              "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
-          }];
-          dns = {
-            bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
-            port = 53;
-            protection_enabled = true;
-            filtering_enabled = true;
-            upstream_dns = [
-                #"https://dns10.quad9.net/dns-query" slow
-              "quic://dns.adguard-dns.com"
-                #"tls://noads.libredns.gr" slow
-              "https://noads.joindns4.eu/dns-query"
-              "tls://getdnsapi.net"
-            ];
-            fallback_dns = [
-              "1.1.1.1"
-              "1.0.0.1"
-            ];
-            use_http3_upstreams = true;
-          };
-          querylog = { enabled = false; };
-          filters = [
-            {
-              enabled = true;
-              url =
-                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
-              name = "adguard dns list";
-              id = 1;
-            }
-            {
-              enabled = true;
-              url =
-                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
-              name = "adguard block list";
-              id = 2;
-            }
-            {
-              enabled = true;
-              url = "https://dbl.oisd.nl/";
-              name = "big block list";
-              id = 3;
-            }
-          ];
-          dhcp = { enabled = false; };
-          tls = { enabled = false; };
-          filtering = {
-            rewrites = [
-              {
                 "domain" = "kopatz.ddns.net";
                 "answer" = ip;
               }
@@ -190,8 +114,89 @@ in {
               {
                 "domain" = "inverter.home.arpa";
                 "answer" = "192.168.0.9";
-              }
+              }];
+      description = "list of domains to rewrite to this server's ip";
+    };
+  };
+  config =
+    #let
+    #  ip = cfg.ip;
+    #  wireguardIp = config.custom.services.wireguard.ip;
+    #in
+    lib.mkIf cfg.enable {
+      networking.firewall.allowedTCPPorts = [ 53 ];
+      networking.firewall.allowedUDPPorts = [ 53 ];
+
+      security.acme.certs."${cfg.fqdn}".server = cfg.acme-url;
+      # nginx reverse proxy
+      services.nginx.enable = true;
+      services.nginx.virtualHosts.${cfg.fqdn} = {
+        forceSSL = cfg.useHttps;
+        enableACME = cfg.useHttps;
+        locations."/" = {
+          proxyPass =
+            "http://127.0.0.1:${toString config.services.adguardhome.port}";
+          proxyWebsockets = true;
+        };
+      };
+      systemd.services.adguardhome = {
+        after = [ "nginx.service" "step-ca.service" ];
+      };
+
+      services.adguardhome = {
+        enable = true;
+        settings = {
+          schema_version = 28;
+          users = [{
+            name = "admin";
+            password =
+              "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
+          }];
+          dns = {
+            bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
+            port = 53;
+            protection_enabled = true;
+            filtering_enabled = true;
+            upstream_dns = [
+                #"https://dns10.quad9.net/dns-query" slow
+              "quic://dns.adguard-dns.com"
+                #"tls://noads.libredns.gr" slow
+              "https://noads.joindns4.eu/dns-query"
+              "tls://getdnsapi.net"
             ];
+            fallback_dns = [
+              "1.1.1.1"
+              "1.0.0.1"
+            ];
+            use_http3_upstreams = true;
+          };
+          querylog = { enabled = false; };
+          filters = [
+            {
+              enabled = true;
+              url =
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
+              name = "adguard dns list";
+              id = 1;
+            }
+            {
+              enabled = true;
+              url =
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
+              name = "adguard block list";
+              id = 2;
+            }
+            {
+              enabled = true;
+              url = "https://dbl.oisd.nl/";
+              name = "big block list";
+              id = 3;
+            }
+          ];
+          dhcp = { enabled = false; };
+          tls = { enabled = false; };
+          filtering = {
+            rewrites = cfg.rewrites;
           };
         };
       };

systems/pc/configuration.nix

@@ -42,7 +42,7 @@
       #gateway = "192.168.0.10";
     };
     misc = { docker.enable = true; };
-    services = { syncthing = { enable = true; }; };
+    services = { syncthing = { enable = true; }; adguard.ip = "192.168.0.10"; };
     hardware = {
       android.enable = true;
       amd-gpu = {
@@ -235,6 +235,18 @@
     ''
   ];
 
+  networking.hosts = let 
+    addr_to_domain_list = config.custom.services.adguard.rewrites |> map (x: { "${x.answer}" = [ x.domain ];} );
+    flattened = builtins.foldl' (acc: elem:
+        let
+          ip = builtins.head (builtins.attrNames elem);
+          names = elem.${ip};
+        in acc // {
+          ${ip} = (acc.${ip} or []) ++ names;
+        }
+      ) {} addr_to_domain_list;
+    in flattened;
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave